Home Sql Mysql-example PHP SQL Injection Example

Related Tutorials


 
 

Share on Google+Share on Google+

PHP SQL Injection Example

Advertisement
Database is the main part of any application used to store the sensitive information like user credentials, financial information etc.

PHP SQL Injection Example

     

This Example illustrates how injection is used in the sql query.

Database is the main part of any application used to store the sensitive information like user credentials, financial information etc. SQL Injection is a technique to break the security of the database of the application. This is one of the most common technique used by hackers to steal the data from the database from the application layer. The name "SQL injection" itself indicates that it injects or manipulates SQL code by adding unexpected Sql string to a query. This can result into database manipulation in an unexpected way i.e. the application will run the Sql query that was not intended.

In the below source code, the first query is the normal query which has no problem in execution, as our MySQL statement will just select everything from "emp" table where name equal to "sandeep". In the next query, the ' ' OR 1 makes the sql not the same that we intended because it will always be true and each entry in the table would be selected by this statement.

 

 

Source Code of phpSqlInjection.php

<?php
  $name = "sandeep"
  $query = "SELECT * FROM emp WHERE name = '$name'";
  echo "Normal: " . $query . "<br>";

  $wrongName = "'OR 1'";
  $query1 = "SELECT * FROM emp WHERE name = '$wrongName'";
  echo "Injection: " . $query1 . "<br>";

  $name1 = "'; DELETE FROM emp WHERE 1 or name = '"
  $query2 = "SELECT * FROM emp WHERE name = '$name1'";
  echo "Injection: " . $query2;
?>

 

Output:

Download Source Code

Advertisement

If you enjoyed this post then why not add us on Google+? Add us to your Circles



Liked it!  Share this Tutorial


Follow us on Twitter, or add us on Facebook or Google Plus to keep you updated with the recent trends of Java and other open source platforms.

Posted on: January 20, 2009

Related Tutorials

Discuss: PHP SQL Injection Example  

Post your Comment


Your Name (*) :
Your Email :
Subject (*):
Your Comment (*):
  Reload Image
 
 
Comments:1
Daxiong
December 21, 2011
cyberserv's logo

test
DMCA.com